
The Technology of Misuse Action Detection in Large-Scale Network

[Author] Qi He (綦贺)

[Advisor] Zhang Hongli (张宏莉)

[Author information] Harbin Institute of Technology, Computer Science and Technology, 2006, Master's

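[Abstract] Government agencies, enterprises and other organizations have all established their own internal local area networks, and network construction has become one of the key factors in raising the working efficiency and core competitiveness of enterprises and public institutions. As networks keep growing in scale, the losses caused by network security incidents that arise from using the network in the wrong way or for the wrong purpose are drawing increasing attention. Statistics show that more than 80% of leaks and network intrusions worldwide originate inside the network, so the security problems caused by internal network misuse have increasingly become a difficult problem in network security management research. This thesis first introduces the deployment environment of a network misuse detection system and the state of research on network misuse detection at home and abroad, and explains how the detection system implemented here differs from traditional detection systems. It analyzes and compares the characteristics of host-based and network-based misuse detection techniques, and explains in detail the principles and techniques of misuse detection methods. Using the principle of IP spoofing and the ICMP echo function, and drawing on the advantages of peer-to-peer networks, it improves on the C/S architecture of traditional detection systems, and designs and implements a misuse detection system for large-scale networks composed of a number of controlled subnets. In the design of the detection system, the main functions, program flow and function design of the three submodules (scanning, monitoring and user interface) are described in detail. The detection system can scan the hosts in its own subnet according to parameters configured in advance by the user, while listening for misuse from other subnets, and raises an alarm when misuse is detected. The system provides timely, accurate, flexible and effective monitoring, and can determine for the user the detailed information of the host on which misuse occurred. Finally, the experiments are described, with explanation and analysis of misuse detection between subnets, misuse detection between a subnet and the external network, and system performance.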

[English abstract] Many government and enterprise organizations have now built their own local area networks. Network construction has become one of the key factors by which enterprises improve their work efficiency and core competitiveness. As networks continue to grow in scale, security incidents caused by using the network in the wrong way or for the wrong purpose keep emerging, and the losses from these incidents are receiving increasing attention. According to statistics, 80% of leaks and network intrusions come from the internal network. The security problem produced by internal network misuse has become a difficult problem in the research field of network security management. This paper designs and implements a prototype misuse detection system. The deployment conditions of a network misuse detection system are introduced, and the differences between the system studied in this paper and traditional detection systems are given. The principle of misuse detection is analysed, and on that basis the related techniques, such as P2P, network programming, Libnet, Libpcap, JSP and MySQL, are introduced. The structure of the misuse detection system is explained. The characteristics of host-based and network-based misuse detection technology are presented. The network misuse detection prototype system is built on the principle of IP spoofing and the ICMP echo function. The framework design of the detection system covers the major functions, program flow and function design of three submodules: scanning, monitoring and the user interface.
The detection system can scan the hosts in its own subnet using parameters configured by the user. At the same time, the system can monitor unauthorized connections. The system can also give alerts when the unauthorized

  • [Classification number] TP393.08
  • [Download count] 102